./lang/nodejs16, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 16.18.1, Package name: nodejs-16.18.1, Maintainer: pkgsrc-users

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the 16.x LTS release.



Package options: openssl

Master sites:

Filesize: 35003.785 KB

Version history: (Expand)


CVS history: (Expand)


   2022-11-23 13:46:29 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs16: updated to 16.18.1

Version 16.18.1 'Gallium' (LTS)

This is a security release.

Notable changes

The following CVEs are fixed in this release:

* \ 
**[CVE-2022-43548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548)**: \ 
DNS rebinding in --inspect via invalid octal IP address (Medium)
   2022-11-01 18:58:22 by Amitai Schleier | Files touched by this commit (5)
Log message:
lang/nodejs{,16}: as expected by upstream, install corepack (and bump
PKGREVISION). For earlier versions, no change.
   2022-10-17 13:01:44 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nodejs16: updated to 16.18.0

Version 16.18.0 'Gallium' (LTS)

Notable changes

- (SEMVER-MINOR) assert: add getCalls and reset to callTracker (Moshe Atlow)
- (SEMVER-MINOR) crypto: allow zero-length secret KeyObject (Filip Skokan)
- (SEMVER-MINOR) crypto: allow zero-length IKM in HKDF and in webcrypto PBKDF2 \ 
(Filip Skokan)
- (SEMVER-MINOR) doc: deprecate modp1, modp2, and modp5 groups (Tobias Nie├čen)
- (SEMVER-MINOR) http: make idle http parser count configurable (theanarkh)
- (SEMVER-MINOR) http: throw error on content-length mismatch (sidwebworks)
- (SEMVER-MINOR) lib: add diagnostics channel for process and worker (theanarkh)
- (SEMVER-MINOR) net,tls: pass a valid socket on tlsClientError (Daeyeon Jeong)
- (SEMVER-MINOR) net: add local family (theanarkh)
- (SEMVER-MINOR) report: expose report public native apis (Chengzhong Wu)
- (SEMVER-MINOR) src: expose environment RequestInterrupt api (Chengzhong Wu)
- (SEMVER-MINOR) stream: add ReadableByteStream.tee() (Daeyeon Jeong)
- (SEMVER-MINOR) test_runner: add before/after/each hooks (Moshe Atlow)
- (SEMVER-MINOR) util: add maxArrayLength option to Set and Map (Kohei Ueno)
   2022-09-27 09:57:29 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs16: updated to 16.17.1

Version 16.17.1 'Gallium' (LTS)

This is a security release.

Notable changes

The following CVEs are fixed in this release:

CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
CVE-2022-32213: bypass via obs-fold mechanic (Medium)
CVE-2022-35255: Weak randomness in WebCrypto keygen
CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
   2022-08-29 08:28:38 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
nodejs16: updated to 16.17.0

Version 16.17.0 'Gallium' (LTS)

Notable Changes

Experimental command-line argument parser API

Adds util.parseArgs helper for higher level command-line argument parsing.

Experimental ESM Loader Hooks API

Node.js ESM Loader hooks now support multiple custom loaders, and composition is \ 
achieved via "chaining": foo-loader calls bar-loader calls qux-loader \ 
(a custom loader must now signal a short circuit when intentionally not calling \ 
the next). See the ESM docs for details.

Real-world use-cases are laid out for end-users with working examples in the \ 
article Custom ESM loaders: Who, what, when, where, why, how.

Experimental test runner

The node:test module, which was initially introduced in Node.js v18.0.0, is now \ 
available with all the changes done to it up to Node.js v18.7.0.

Improved interoperability of the Web Crypto API

To better align Node.js' experimental implementation of the Web Crypto API with \ 
other runtimes, several changes were made:

Support for CFRG curves was added, with the 'Ed25519', 'Ed448', 'X25519', and \ 
'X448' algorithms.
The proprietary 'NODE-DSA', 'NODE-DH', 'NODE-SCRYPT', 'NODE-ED25519', \ 
'NODE-ED448', 'NODE-X25519', and 'NODE-X448' algorithms were removed.
The proprietary 'node.keyObject' import/export format was removed.
   2022-07-08 15:30:19 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs16: updated to 16.16.0

Version 16.16.0 'Gallium' (LTS)

This is a security release.

Notable changes

deps:
upgrade openssl sources to OpenSSL_1_1_1q (RafaelGSS)
src:
add OpenSSL config appname (Daniel Bevenius)
   2022-07-04 17:48:53 by Jonathan Perkin | Files touched by this commit (3)
Log message:
nodejs: Limit ABI depends to each release branch.

While not strictly true, it's required to avoid pbulk always choosing nodejs18
as the preferred dependency, which is incorrect on platforms where it does not
build (macOS 10.14) and NODE_VERSION_DEFAULT is set to 16.
   2022-06-05 10:18:53 by Makoto Fujiwara | Files touched by this commit (1)
Log message:
(lang/nodejs16) regen distinfo